Compliance failures are rarely caused by a single oversight. They are often the consequence of breakdowns in systems and in cultures. The recent enforcement action against Metro Bank by the Financial Conduct Authority (FCA) depicts how these breakdowns can accumulate over time to create serious vulnerabilities, both for the institution and the broader financial system.
The £16.7m wake-up call
Between June 2016 and December 2020, Metro Bank failed to properly monitor over 60 million transactions worth over £51 billion for money laundering risks. The root cause was a failure in their automated transaction monitoring system (ATMS) which involved a technical error in how data was fed into the system. This meant that transactions carried out on the same day as account openings were not being checked.
The FCA fined Metro Bank £16.7 million for these failings, reduced from an initial £23.8 million thanks to the bank’s cooperation and early agreement to resolve the issue.
Red flags ignored, for years
The concerning aspect of this case wasn’t the technical glitch, which can happen. It was the response to early warning signs. It was reported that staff raised concerns as much as eight years ago but they were not really addressed effectively. In fact, no action was taken to investigate or resolve the issue until mid-2019. Even then, Metro Bank lacked a mechanism to consistently verify that all relevant data was being monitored, a problem only fully addressed a full year later.
Therese Chambers, executive director of enforcement and market oversight for the FCA, noted, “Metro’s failings risked a gap being left in our defence against the criminal misuse of our financial system. Those failings went on for too long.”
And this case is not an anomaly. In 2015, the Bank of Beirut was fined after misleading the FCA about its AML remediation progress. The compliance officer and internal auditor claimed senior management pressured them but the FCA still held them accountable. In 2016, Sonali Bank’s MLRO was fined for misleading the board about the state of the bank’s AML controls, despite having received little support. The regulator made it clear that when risks are not being managed properly, someone needs to speak up and if the internal channels fail, there needs to be direct reporting.
A compliance culture
It appears that there’s a cost to silence. For institutions, it leads to fines, reputational damage and regulatory scrutiny. For individuals, it can mean personal sanctions and career-ending consequences.
Fostering a culture of openness, challenge and accountability is not just a “nice to have” but a regulatory imperative.
That means:
- creating safe reporting channels
- encouraging all employees to speak up
- ensuring concerns are documented and addressed
- holding leadership accountable
The FCA has shown increasing impatience for organisations that get this wrong. They expect firms to have functioning systems and the ability to identify when those systems fail.
In Metro Bank’s case the technical failings were serious but the cultural ones were worse. Someone did speak up but no one listened.
Training your staff in AML needs to be more than a tick-box exercise. Packed with realistic scenarios, real-life case studies and customisation options, our suite of AML courses will help you stay protected.
